Use miniscript to generate scripts for taproot transactions

This means that we are no longer compatible with the current "simple taproot channels" proposals, which needs to be updated anyway.

Author: sstone

eclair-core/src/main/scala/fr/acinq/eclair/transactions/Scripts.scala

@@ -314,16 +314,32 @@ object Scripts {
    * Specific scripts for taproot channels
    */
   object Taproot {
+    // miniscript: older(16)
     val anchorScript: Seq[ScriptElt] = OP_16 :: OP_CHECKSEQUENCEVERIFY :: Nil
 
     val anchorScriptTree = new ScriptTree.Leaf(anchorScript.map(scala2kmp).asJava)
 
-    def toRevokeScript(revocationPubkey: PublicKey, localDelayedPaymentPubkey: PublicKey): Seq[ScriptElt] = {
-      OP_PUSHDATA(localDelayedPaymentPubkey.xOnly) :: OP_DROP :: OP_PUSHDATA(revocationPubkey.xOnly) :: OP_CHECKSIG :: Nil
+    /**
+     * sends to a single revocation key
+     * miniscript: pk(revocation_key))
+     *
+     * @param revocationPubkey revocation key
+     * @return a script that will be used to add a "revocation" leaf to a script tree
+     */
+    def toRevokeScript(revocationPubkey: PublicKey): Seq[ScriptElt] = {
+      OP_PUSHDATA(revocationPubkey.xOnly) :: OP_CHECKSIG :: Nil
     }
 
+    /**
+     * sends to a single key after a delay
+     * miniscript: and_v(v:pk(delayed_key),older(delay))
+     *
+     * @param localDelayedPaymentPubkey delayed payment key
+     * @param toLocalDelay              delay
+     * @return a script that will be used to add a "to local key" leak to a script tree
+     */
     def toDelayScript(localDelayedPaymentPubkey: PublicKey, toLocalDelay: CltvExpiryDelta): Seq[ScriptElt] = {
-      OP_PUSHDATA(localDelayedPaymentPubkey.xOnly) :: OP_CHECKSIG :: Scripts.encodeNumber(toLocalDelay.toInt) :: OP_CHECKSEQUENCEVERIFY :: OP_DROP :: Nil
+      OP_PUSHDATA(localDelayedPaymentPubkey.xOnly) :: OP_CHECKSIGVERIFY :: Scripts.encodeNumber(toLocalDelay.toInt) :: OP_CHECKSEQUENCEVERIFY :: Nil
     }
 
     /**
@@ -336,12 +352,19 @@ object Scripts {
     def toLocalScriptTree(revocationPubkey: PublicKey, toSelfDelay: CltvExpiryDelta, localDelayedPaymentPubkey: PublicKey): ScriptTree.Branch = {
       new ScriptTree.Branch(
         new ScriptTree.Leaf(toDelayScript(localDelayedPaymentPubkey, toSelfDelay).map(scala2kmp).asJava),
-        new ScriptTree.Leaf(toRevokeScript(revocationPubkey, localDelayedPaymentPubkey).map(scala2kmp).asJava),
+        new ScriptTree.Leaf(toRevokeScript(revocationPubkey).map(scala2kmp).asJava),
       )
     }
 
+    /**
+     * sends to a key after a 1 block delay
+     * miniscript: and_v(v:pk(remote_key),older(1))
+     *
+     * @param remotePaymentPubkey remote payment key
+     * @return a script that will be used to add a "to remote key" leak to a script tree
+     */
     def toRemoteScript(remotePaymentPubkey: PublicKey): Seq[ScriptElt] = {
-      OP_PUSHDATA(remotePaymentPubkey.xOnly) :: OP_CHECKSIG :: OP_1 :: OP_CHECKSEQUENCEVERIFY :: OP_DROP :: Nil
+      OP_PUSHDATA(remotePaymentPubkey.xOnly) :: OP_CHECKSIGVERIFY :: OP_1 :: OP_CHECKSEQUENCEVERIFY :: Nil
     }
 
     /**
@@ -353,16 +376,34 @@ object Scripts {
       new ScriptTree.Leaf(toRemoteScript(remotePaymentPubkey).map(scala2kmp).asJava)
     }
 
+    /**
+     * spending requires signatures from both keys
+     * miniscript: and_v(v:pk(local_htlc_key),pk(remote_htlc_key))
+     *
+     * @param localHtlcPubkey  local HTLC key
+     * @param remoteHtlcPubkey remote HTLC key
+     * @return a script used to create a "HTLC timeout" leaf in a script tree
+     */
     def offeredHtlcTimeoutScript(localHtlcPubkey: PublicKey, remoteHtlcPubkey: PublicKey): Seq[ScriptElt] = {
       OP_PUSHDATA(localHtlcPubkey.xOnly) :: OP_CHECKSIGVERIFY :: OP_PUSHDATA(remoteHtlcPubkey.xOnly) :: OP_CHECKSIG :: Nil
     }
 
+    // miniscript: and_v(v:hash160(H),and_v(v:pk(remote_htlc_key),older(1)))
+
+    /**
+     * spending requires a signature and a valid preimage, with a 1-block delay
+     * miniscript: and_v(v:hash160(H),and_v(v:pk(remote_htlc_key),older(1)))
+     *
+     * @param remoteHtlcPubkey remote HTLC key
+     * @param paymentHash      payment hash
+     * @return a script used to create a "spend offered HTLC" leaf in a script tree
+     */
     def offeredHtlcSuccessScript(remoteHtlcPubkey: PublicKey, paymentHash: ByteVector32): Seq[ScriptElt] = {
       // @formatter:off
       OP_SIZE :: encodeNumber(32) :: OP_EQUALVERIFY ::
       OP_HASH160 :: OP_PUSHDATA(Crypto.ripemd160(paymentHash)) :: OP_EQUALVERIFY ::
-      OP_PUSHDATA(remoteHtlcPubkey.xOnly) :: OP_CHECKSIG ::
-      OP_1 :: OP_CHECKSEQUENCEVERIFY :: OP_DROP :: Nil
+      OP_PUSHDATA(remoteHtlcPubkey.xOnly) :: OP_CHECKSIGVERIFY ::
+      OP_1 :: OP_CHECKSEQUENCEVERIFY :: Nil
       // @formatter:on
     }
 
@@ -373,6 +414,14 @@ object Scripts {
       )
     }
 
+    /**
+     * spending requires a signature, an absolute HTLC delay, and a 1-block relative delay
+     * miniscript: and_v(v:pk(remote_htlc_key),and_v(v:older(1),after(delay)))
+     *
+     * @param remoteHtlcPubkey remote HTLC key
+     * @param lockTime         HTLC delay
+     * @return
+     */
     def receivedHtlcTimeoutScript(remoteHtlcPubkey: PublicKey, lockTime: CltvExpiry): Seq[ScriptElt] = {
       // @formatter:off
       OP_PUSHDATA(remoteHtlcPubkey.xOnly) :: OP_CHECKSIG ::
@@ -381,6 +430,14 @@ object Scripts {
       // @formatter:on
     }
 
+    /**
+     * miniscript: and_v(v:hash160(H),and_v(v:pk(local_key),pk(remote_key)))
+     *
+     * @param localHtlcPubkey  local HTLC key
+     * @param remoteHtlcPubkey remote HTLC key
+     * @param paymentHash      payment hash
+     * @return
+     */
     def receivedHtlcSuccessScript(localHtlcPubkey: PublicKey, remoteHtlcPubkey: PublicKey, paymentHash: ByteVector32): Seq[ScriptElt] = {
       // @formatter:off
       OP_SIZE :: encodeNumber(32) :: OP_EQUALVERIFY ::

eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala

@@ -1150,11 +1150,6 @@ object Transactions {
   }
 
   def makeMainPenaltyTx(commitTx: Transaction, localDustLimit: Satoshi, remoteRevocationPubkey: PublicKey, localFinalScriptPubKey: ByteVector, toRemoteDelay: CltvExpiryDelta, remoteDelayedPaymentPubkey: PublicKey, feeratePerKw: FeeratePerKw, commitmentFormat: CommitmentFormat): Either[TxGenerationSkipped, MainPenaltyTx] = {
-    val redeemScript = if (commitmentFormat.useTaproot) {
-      Nil
-    } else {
-      toLocalDelayed(remoteRevocationPubkey, toRemoteDelay, remoteDelayedPaymentPubkey)
-    }
     val pubkeyScript = if (commitmentFormat.useTaproot) {
       val toLocalScriptTree = Scripts.Taproot.toLocalScriptTree(remoteRevocationPubkey, toRemoteDelay, remoteDelayedPaymentPubkey)
       pay2tr(NUMS_POINT.xOnly, Some(toLocalScriptTree))

eclair-core/src/test/scala/fr/acinq/eclair/transactions/TransactionsSpec.scala

@@ -754,7 +754,7 @@ class TransactionsSpec extends AnyFunSuite with Logging {
     // to-local output script tree, with 2 leaves
     val toLocalScriptTree = new ScriptTree.Branch(
       new ScriptTree.Leaf(toDelayScript(localDelayedPaymentPriv.publicKey, toLocalDelay).map(scala2kmp).asJava),
-      new ScriptTree.Leaf(toRevokeScript(localRevocationPriv.publicKey, localDelayedPaymentPriv.publicKey).map(scala2kmp).asJava),
+      new ScriptTree.Leaf(toRevokeScript(localRevocationPriv.publicKey).map(scala2kmp).asJava),
     )
 
     // to-remote output script tree,  with a single leaf